why new GnuPG packages when it is dynamically linked ?
Hello, when doing ldd /usr/bin/gpg I get libz.so.1 => /lib/libz.so.1 (0x40026000) so GnuPG (on SuSE 7.3 at least) seems to be linked dynamically against libz, so it should be enough to update libz, but why offers SuSE a new gpg package although it's linked dynamically against libz ? Thanx Malte
Malte Gell wrote:
Hello,
when doing ldd /usr/bin/gpg I get
libz.so.1 => /lib/libz.so.1 (0x40026000)
so GnuPG (on SuSE 7.3 at least) seems to be linked dynamically against libz, so it should be enough to update libz, but why offers SuSE a new gpg package although it's linked dynamically against libz ?
gnupg-1.0.4/zlib$ ls ChangeLog Makefile.in algorithm.doc deflate.c infblock.h inffast.c inflate.c infutil.c trees.h zlib.h Makefile README compress.c deflate.h infcodes.c inffast.h inftrees.c infutil.h uncompr.c zutil.c Makefile.am adler32.c crc32.c infblock.c infcodes.h inffixed.h inftrees.h trees.c zconf.h zutil.h Questions? ;) -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.
Malte Gell wrote:
Hello,
when doing ldd /usr/bin/gpg I get
libz.so.1 => /lib/libz.so.1 (0x40026000)
so GnuPG (on SuSE 7.3 at least) seems to be linked dynamically against libz, so it should be enough to update libz, but why offers SuSE a new gpg package although it's linked dynamically against libz ?
gnupg-1.0.4/zlib$ ls ChangeLog Makefile.in algorithm.doc deflate.c infblock.h inffast.c inflate.c infutil.c trees.h zlib.h Makefile README compress.c deflate.h infcodes.c inffast.h inftrees.c infutil.h uncompr.c zutil.c Makefile.am adler32.c crc32.c infblock.c infcodes.h inffixed.h inftrees.h trees.c zconf.h zutil.h
Questions? ;)
:-)
No, but Malte is right. In _most_ platforms, it's linked dynamically. If
the configure script determines that dynamically linking isn't possible,
then the own source is used. This shouldn't happen, but it _can_.
In such a case it may be better to fix the source, even though it's not
used. gpg is one of the most critical security applications on the
product, and it's good to have it fixed in all respect. When I was digging
through several gigs of build logs, I've just seen gpg and didn't think
any further, it was a must. I agree that there was a lack of
communication, though.
Better safe than sorry.
Roman.
--
- -
| Roman Drahtmüller
Roman Drahtmueller wrote:
In such a case it may be better to fix the source, even though it's not used. gpg is one of the most critical security applications on the product, and it's good to have it fixed in all respect. When I was digging through several gigs of build logs, I've just seen gpg and didn't think any further, it was a must. I agree that there was a lack of communication, though. Better safe than sorry.
right. Whats about the SuSE 8.0 Release Date? i don't think that all packages which MAY contain a own libz can checked and fixed untill the release, or? -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.
In such a case it may be better to fix the source, even though it's not used. gpg is one of the most critical security applications on the product, and it's good to have it fixed in all respect. When I was digging through several gigs of build logs, I've just seen gpg and didn't think any further, it was a must. I agree that there was a lack of communication, though. Better safe than sorry.
right. Whats about the SuSE 8.0 Release Date? i don't think that all packages which MAY contain a own libz can checked and fixed untill the release, or?
The 8.0 code base was the first that got fixed. :-)
The release date will appear on the webserver when it's due...
Roman.
--
- -
| Roman Drahtmüller
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At Freitag, 15. März 2002 16:36 Roman Drahtmueller wrote:
The 8.0 code base was the first that got fixed. :-) The release date will appear on the webserver when it's due...
Excuse me, I cannot resist the urge to post something off-topic .o)
The rumor is (from reseller linuxland.de for example, who allready
started accepting orders) :
availability mid of April
Hmmm, and the big annual German computer fair CeBIT starts on April 13rd.
Excuse me, Roman, I could not resist the temptation.
It's not at all so secret among the tribe-folks.
I heard the rumor at least a week ago, and now it's
allready on the net also... .o)
Michael
- --
Michael Zimmermann (Vegaa Internet Services)
They have announced that 8.0 is due in mid april:
http://www.suse.com/us/products/suse_linux/i386/index.html
Jim
03/15/02 11:00:11 AM, Michael Zimmermann
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
At Freitag, 15. März 2002 16:36 Roman Drahtmueller wrote:
The 8.0 code base was the first that got fixed. :-) The release date will appear on the webserver when it's due...
Excuse me, I cannot resist the urge to post something off-topic .o)
The rumor is (from reseller linuxland.de for example, who allready started accepting orders) :
availability mid of April
Hmmm, and the big annual German computer fair CeBIT starts on April 13rd.
Excuse me, Roman, I could not resist the temptation. It's not at all so secret among the tribe-folks. I heard the rumor at least a week ago, and now it's allready on the net also... .o)
Michael - -- Michael Zimmermann (Vegaa Internet Services)
phone +49 89 6283 7632 hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8kiib72vu22ltWBERAmX8AJ97hc09Eb53Eo1mLekT16A8wYVz 4wCggkrR /yu5DqjfNooU/NPWIF0LbnI= =Cs1l -----END PGP SIGNATURE-----
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (6)
-
Anders Johansson
-
James Bliss
-
malte_gell@t-online.de
-
Michael Zimmermann
-
Roman Drahtmueller
-
Sven Michels